CTO Insights: PIN-on-Glass is coming

Imagine taking a regular mobile phone and turning it into a payment device with a simple app download. That’s the utopian dream many companies are chasing today. For small transactions, we’d use NFC rails with no PIN pad or external device. For larger transactions, the goal would be to strengthen the security of the transaction by adding PIN entry using the mobile device itself. This is commonly known as PIN-on-Glass or, as Visa and Mastercard have referred to it, as PIN-on-Mobile or PoM.

Targeting Micro Merchants

Historically, if you look at the micro merchant space where people are doing a few transactions a week or even month, those merchants don’t want to spend a few thousand dollars on a full-blown POS or a few hundred dollars on a payment terminal.

Micro merchants are the ideal candidate for turning a regular mobile phone into a payment device for a few key reasons. They deal primarily in cash so getting them to accept payments would open a new market to the card issuers. Additionally, micro merchants tend to have low value purchases which typically have a low amount of fraud. Add to this scenario the fact that there will be an estimated 300 million contactless cards in circulation by the end of next year, and it’s no wonder why the card issuers see this as a green field opportunity.

Card Issuers Seek To Defend Territory

For further evidence of this opportunity, we can note how Visa and Mastercard have relaxed their stance on PIN standards, which have historically been hand-in-hand with PCI PTS (PIN transaction security) — an onerous, heavy-weight, albeit important, security standard. The brands have always deemed PINs security important and there was a time when something such as accepting a PIN on a consumer mobile phone would be difficult to talk about, let alone get approved.

It’s possible that some of this willingness to evolve is being driven by the Asian market where we see alternative and unique payment methods being adopted, and becoming very popular. With the widescale adoption of mobile phones and NFC usage for payments, the card brands most likely see a threat to their business model and, in a defensive move against potential disruptors, are wisely embracing the spirit of mobile.

Obstacles to PIN-on-Glass

One of the biggest (and most obvious) challenges with mobile devices is that they’re insecure. iPhones and Android phones can be jailbroken/rooted. How can we make these devices secure or be confident enough that a consumer device that can accept PIN entry?

Companies are working on ideas. For instance, by scrambling the numbers on a screen’s PIN pad, it makes it more difficult for any malware to understand what tap on the screen corresponds to what number.

Additionally, the industry is still waiting for data from trials that will reveal how customers perceive this change. We can invent all the technology we like, but if consumers don’t feel safe, don’t know how to use it, or it’s too radical of a change, the project will end before it begins.

Finally, such a move can be frightening to the companies involved. If we are going down the route of using consumer devices to enter potential sensitive information, the first time someone compromises it, it’s going to be big toxic news that will harm reputations.

Next Steps

Creditcall has been watching this trend closely. Two of the things we do very well — EMV Kernels and a payment gateway — are core components of achieving contactless payments and PIN entry on a mobile phone. In fact, we already have a pilot out with one of the leading processors and have a proof of concept technology stack which puts us on the cutting edge of this trend. For companies looking to turn proof-of-concept into a reality, let us know. We have all the pieces ready to go.

Beyond the business opportunity, we’re all consumers ourselves and this shift is just another example of the continuous evolution of the payment technology industry. We can all appreciate improved ease of use and new functionality that enhances our daily lives. PIN-on-glass is poised to do both.